TY - GEN
T1 - A survey of security concepts for common operating environments
AU - Loyall, Joseph
AU - Rohloff, Kurt
AU - Pal, Partha
AU - Atighetchi, Michael
PY - 2011
Y1 - 2011
N2 - As newer software engineering technologies, such as Service-Oriented Architecture (SOA), become the basis for mission-critical systems, they must include security as a foundational capability. This paper highlights security concepts relevant to using SOA as a foundation for a Common Operating Environment (COE), i.e., a set of infrastructure and common services for developing and executing applications across multiple platforms. We present and motivate security needs, tradeoffs, and solutions in the various layers of a SOA-based COE, including 1) the network, 2) computational platforms, and 3) the common software infrastructure consisting of a SOA stack, common services, and applications. We also discuss cross cutting aspects of security such as survivability, transparency, flexibility, specificity, reuse, and assurance. We then explore security standards and requirements for mission-critical systems developed on top of a SOA-based COE and security technologies that are candidates for satisfying the requirements. The paper closes with a set of recommendations and steps forward for both research into and implementation of security in a SOA-based COE.
AB - As newer software engineering technologies, such as Service-Oriented Architecture (SOA), become the basis for mission-critical systems, they must include security as a foundational capability. This paper highlights security concepts relevant to using SOA as a foundation for a Common Operating Environment (COE), i.e., a set of infrastructure and common services for developing and executing applications across multiple platforms. We present and motivate security needs, tradeoffs, and solutions in the various layers of a SOA-based COE, including 1) the network, 2) computational platforms, and 3) the common software infrastructure consisting of a SOA stack, common services, and applications. We also discuss cross cutting aspects of security such as survivability, transparency, flexibility, specificity, reuse, and assurance. We then explore security standards and requirements for mission-critical systems developed on top of a SOA-based COE and security technologies that are candidates for satisfying the requirements. The paper closes with a set of recommendations and steps forward for both research into and implementation of security in a SOA-based COE.
KW - Adaptive Survivability
KW - Cross Domain
KW - Multi-Level Security
KW - Service-Oriented Architecture
UR - http://www.scopus.com/inward/record.url?scp=79958008005&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79958008005&partnerID=8YFLogxK
U2 - 10.1109/ISORCW.2011.31
DO - 10.1109/ISORCW.2011.31
M3 - Conference contribution
AN - SCOPUS:79958008005
SN - 9780769543772
T3 - Proceedings - 2011 14th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops, ISORCW 2011
SP - 244
EP - 253
BT - Proceedings - 2011 14th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops, ISORCW 2011
T2 - 2011 14th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops, ISORCW 2011
Y2 - 28 March 2011 through 31 March 2011
ER -